The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
Unauthorized access to data and databases is a major concern for all network administrators. The increase in processor speed, though making the network efficient and faster, also allows hackers and intruders to use the same systems for breaching the security systems of networks and for gaining access to secure and unsecured data. Even at a very fundamental level, access to networks and computer systems is allowed through user authentication and passwords. The simplicity or complexity of a password depends generally on the type of data stored in the system and on how secure one wants to make the total system. Security comes with an associated cost. This cost can be in terms of hardware and also in terms of the time taken to access the system, both of which are at a premium. One would like to have the most secure system at the least cost. Generally it can be said that a system or network can be made only as secure as the time made available for authentication and verification of credentials permits. However, everyone wants instant access to the system and hates to wait even a few seconds to log in. Network administrators and security managers therefore have to fine-tune their security requirements and systems within these parameters.
Passwords are generally stored in databases so that when a user logs on, the password entered by the user can be compared against the one stored in the database and, based on the result, the user can be denied or granted permission. Hackers normally target the database to access the passwords. Methods for enhancing the security of passwords employ techniques such as encryption and/or hashing algorithms like SHA-256 and SHA-512. However, even such secured passwords can be compromised through brute-force attacks and/or dictionary attacks targeting the password database.
Another technique, commonly referred to as “adding salt”, can be used before hashing the password to further enhance the security of passwords. Though this further delays an attacker, even these methods are not totally immune to the possibility of the passwords being cracked. This is more so because hackers and intruders today can work offline on a retrieved password database and use high-speed, cheaply available processors and machines for the task.
To further increase the time required to crack the passwords, a technique called “slow hashing” or “key stretching” is used, applying algorithms like PBKDF2. Even with this, however, the intruder can increase the scale of his offline attack, and then it is just a question of time before the intruder recovers the original passwords.
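As an added illustration (not part of this disclosure) of the salting and key-stretching practice described in the preceding paragraphs, the following Python stores a password as a self-describing PBKDF2 record and verifies a login attempt against it; the record format, the iteration count and the `needs_rehash` policy are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed record layout: algorithm$iterations$salt_hex$digest_hex.
# Storing the salt and iteration count with the digest lets the work factor be
# raised later without losing existing accounts.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed per-guess work factor; tune to the login latency budget


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Salt and key-stretch a password, returning the storable record."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    """Split a stored record into (iterations, salt, digest)."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iterations, compare in constant time."""
    iterations, salt, expected = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when a record was produced with a lower work factor than currently required."""
    iterations, _, _ = parse_record(record)
    return iterations < minimum_iterations


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample password
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("wrong password", stored))                # False
```

Every guess an offline attacker makes must repeat the full iteration count against the per-user salt, which is the delay the paragraph above describes; raising `ITERATIONS` and re-hashing records flagged by `needs_rehash` on the next successful login keeps that cost current.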
The hashed passwords can be encrypted, but the secret key needs to be stored on the local machine to verify the password, and therefore if an intruder gets access to the file system, he/she can retrieve the secret key as well. Once the secret key has been used to decrypt the stored hashes, some of the above-mentioned techniques can be used to crack the passwords. Therefore, neither the hashing techniques nor the encryption mechanisms fully secure the passwords in the present state of implementations.